httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <>
Subject Re: Making mod_proxy_http more aware of SSL
Date Thu, 25 Nov 2010 15:00:51 GMT

On 11/25/2010 4:14 AM, "Plüm, Rüdiger, VF-Group" wrote:
> the following seems better:
> +            else if(strcmp(apr_table_get(backend->connection->notes, "SSL_connect_rv"),
"err") == 0) {
> +                    return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
> +                                         "Error during SSL Handshake with remote server");
> +
> Regards
> Rüdiger

I agree that the message should be logged as such since logging higher 
than INFO would hide the actual SSL error from mod_ssl. My focus though 
is on marking the backend server out of service as you can't communicate 
unless the SSL transport has been established (essentially a failure to 
connect). Nothing else in the request/response cycle in mod_proxy_http 
does this due to handshake errors and this spot seems to be the very 
first place we can actually check for that condition.

I have updated the patches to log your suggested message after marking 
the workers to be in error state.

Daniel Ruggeri

View raw message